Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- bundle agent password_security {
- files:
- centos.redhat::
- "/etc/pam.d/system-auth"
- edit_line => harden_cracklib;
- }
- bundle edit_line harden_cracklib {
- vars:
- "cracklib_options" string => "retry=3";
- "account_tally_options" string => "per_user deny=6 no_magic_root reset";
- "auth_tally_options" string => "onerr=fail no_magic_root";
- delete_lines:
- "password";
- "auth";
- "account";
- insert_lines:
- "auth required pam_tally.so $(auth_tally_options)" location => pamsysauth("auth");
- "account required pam_tally.so $(account_tally_options)" location => pamsysauth("account");
- "password required pam_cracklib.so $(cracklib_options)" location => pamsysauth("password");
- }
- body location pamsysauth(block) {
- select_line_matching => "^$(block)";
- before_after => "after";
- first_last => "last";
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement